From abfd154efd5de2cc3c73ff50b9a489651fb2a5b6 Mon Sep 17 00:00:00 2001 From: Radoslav Georgiev Date: Tue, 26 May 2020 19:42:07 +0300 Subject: examples/http2-down/upload: add error checks If `index.html` does not exist in the directory from which the example is invoked, the fopen(upload, "rb") invocation in `setup` would fail, returning NULL. This value is subsequently passed as the FILE* argument of the `fread` invocation in the `read_callback` function, which is the actual cause of the crash (apparently `fread` assumes that argument to be non-null). In addition, mitigate some possible crashes of similar origin. Closes #5463 --- docs/examples/http2-download.c | 9 ++++++++- docs/examples/http2-upload.c | 27 ++++++++++++++++++++++----- 2 files changed, 30 insertions(+), 6 deletions(-) diff --git a/docs/examples/http2-download.c b/docs/examples/http2-download.c index 333b7df2c..a86d60219 100644 --- a/docs/examples/http2-download.c +++ b/docs/examples/http2-download.c @@ -26,6 +26,7 @@ #include #include #include +#include /* somewhat unix-specific */ #include @@ -33,6 +34,7 @@ /* curl stuff */ #include +#include #ifndef CURLPIPE_MULTIPLEX /* This little trick will just make sure that we don't enable pipelining for @@ -146,9 +148,14 @@ static void setup(struct transfer *t, int num) hnd = t->easy = curl_easy_init(); - snprintf(filename, 128, "dl-%d", num); + curl_msnprintf(filename, 128, "dl-%d", num); t->out = fopen(filename, "wb"); + if(!t->out) { + fprintf(stderr, "error: could not open file %s for writing: %s\n", + filename, strerror(errno)); + exit(1); + } /* write to this file */ curl_easy_setopt(hnd, CURLOPT_WRITEDATA, t->out); diff --git a/docs/examples/http2-upload.c b/docs/examples/http2-upload.c index 8f1fd4a5f..2b993027e 100644 --- a/docs/examples/http2-upload.c +++ b/docs/examples/http2-upload.c @@ -28,6 +28,7 @@ #include #include #include +#include /* somewhat unix-specific */ #include @@ -35,6 +36,7 @@ /* curl stuff */ #include +#include #ifndef CURLPIPE_MULTIPLEX /* This little trick will just make sure that we don't enable pipelining for @@ -123,8 +125,8 @@ int my_trace(CURL *handle, curl_infotype type, } secs = epoch_offset + tv.tv_sec; now = localtime(&secs); /* not thread safe but we don't care */ - snprintf(timebuf, sizeof(timebuf), "%02d:%02d:%02d.%06ld", - now->tm_hour, now->tm_min, now->tm_sec, (long)tv.tv_usec); + curl_msnprintf(timebuf, sizeof(timebuf), "%02d:%02d:%02d.%06ld", + now->tm_hour, now->tm_min, now->tm_sec, (long)tv.tv_usec); switch(type) { case CURLINFO_TEXT: @@ -176,16 +178,31 @@ static void setup(struct input *i, int num, const char *upload) hnd = i->hnd = curl_easy_init(); i->num = num; - snprintf(filename, 128, "dl-%d", num); + curl_msnprintf(filename, 128, "dl-%d", num); out = fopen(filename, "wb"); + if(!out) { + fprintf(stderr, "error: could not open file %s for writing: %s\n", upload, + strerror(errno)); + exit(1); + } - snprintf(url, 256, "https://localhost:8443/upload-%d", num); + curl_msnprintf(url, 256, "https://localhost:8443/upload-%d", num); /* get the file size of the local file */ - stat(upload, &file_info); + if(stat(upload, &file_info)) { + fprintf(stderr, "error: could not stat file %s: %s\n", upload, + strerror(errno)); + exit(1); + } + uploadsize = file_info.st_size; i->in = fopen(upload, "rb"); + if(!i->in) { + fprintf(stderr, "error: could not open file %s for reading: %s\n", upload, + strerror(errno)); + exit(1); + } /* write to this file */ curl_easy_setopt(hnd, CURLOPT_WRITEDATA, out); -- cgit v1.2.3